I'm going to side with Jericho on this one, and lobbied for inclusion in
OSVDB back when we first discussed it. If you work at a financial (or
really any place), an open redirect is an open invitation to phishing.
In the end, I think a VDB's job (much like a security scanner) is to
list vulnerabilities, and let users of the software determine what is or
is not acceptable.
-Sullo
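To make the phishing point above concrete, here is an added example that is not part of the thread or of OSVDB's own material: a login handler that echoes a `?next=` parameter straight into the redirect target (the open redirect) beside a hardened version that only accepts same-site relative paths. The site name `bank.example`, the function names and the sample inputs are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed example; bank.example is a placeholder, not a real site.
SITE_ORIGIN = "https://bank.example"


def vulnerable_redirect_target(next_url: str) -> str:
    """Open redirect: whatever the caller puts in ?next= becomes the
    Location header. A phisher sends a victim to
    https://bank.example/login?next=https://evil.example/bank-login
    and the trusted hostname carries them to the attacker's page."""
    return next_url


def is_safe_redirect_target(next_url: str) -> bool:
    """Accept only a site-relative path such as /account?tab=1.

    Rejected cases, each of which a browser would treat as leaving the site:
      https://evil.example/...   absolute URL (scheme present)
      //evil.example/...         protocol-relative URL (netloc present)
      /\\evil.example            browsers normalise backslash to slash
      javascript:...             scheme-only URL
      raw control characters     urlsplit strips tab/CR/LF before parsing,
                                 so check the raw string first
    """
    if not next_url:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return False
    if "\\" in next_url:
        return False
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        return False
    # Require an absolute path on this site; a bare "account" would resolve
    # relative to the current path, and "//" is caught above via netloc but
    # is rejected again here to be explicit.
    return next_url.startswith("/") and not next_url.startswith("//")


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Hardened replacement: fall back to a fixed landing page when the
    requested target is not a same-site path."""
    return next_url if is_safe_redirect_target(next_url) else default


def demo() -> dict:
    """Run both handlers over a set of constructed ?next= values and return
    the resulting Location targets for comparison."""
    samples = [
        "/account/summary",
        "https://evil.example/bank-login",
        "//evil.example/bank-login",
        "/\\evil.example",
        "javascript:alert(1)",
    ]
    return {s: (vulnerable_redirect_target(s), safe_redirect_target(s)) for s in samples}


if __name__ == "__main__":
    for target, (vuln, safe) in demo().items():
        print(f"{target!r:40} vulnerable -> {vuln!r:40} hardened -> {safe!r}")
```

The hardened check deliberately rejects anything with a scheme or host rather than comparing hostnames, because hostname allowlists are where most redirect bypasses (userinfo tricks, trailing dots, lookalike domains) slip through; if external targets are genuinely required, map a short token to a fixed URL server-side instead of accepting a URL from the client.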